NSO Group deeply involved in hacking our users: WhatsApp
In new court filings, WhatsApp has alleged that an "Israeli spyware company used US-based servers and was 'deeply involved' in carrying out mobile phone hacks of 1,400 WhatsApp users, including senior government officials, journalists, and human rights activists".
New claims emerging about the NSO Group allege that they are responsible for serious human rights violations, including hacking more than a dozen Indian journalists and Rwandan dissidents.
NSO Group has maintained for years that its spyware is bought by governments to track down terrorists and criminals and they have no knowledge of who exactly these governments are. Reports have it that Mexico and Saudi Arabia have used NSO's spyware.
The lawsuit filed by WhatsApp last year against NSO Group, the first of its kind by any tech company, has revealed more technical details about how Pegasus (the hacking software) is "allegedly deployed against targets".
In court filings last week, WhatsApp said that its own "investigation into how Pegasus was used against 1,400 users last year showed that servers controlled by NSO Group - not its government clients - were an integral part of how the hacks were executed".
WhatsApp said that "victims of the hack received phone calls using its messaging app, and were infected with Pegasus".
WhatsApp then said: "NSO used a network of computers to monitor and update Pegasus after it was implanted on users' devices. These NSO-controlled computers served as the nerve centre through which NSO controlled its customers' operation and use of Pegasus."
According to WhatsApp, "NSO gained 'unauthorised access' to its servers by reverse-engineering the messaging app and then evading the company's security features that prevent manipulation of the company's call features".
As per the court filings, "One WhatsApp engineer who investigated the hacks said in a sworn statement submitted to the court that in 720 instances, the IP address of a remote server was included in the malicious code used in the attacks. The remote server, the engineer said, was based in Los Angeles and owned by a company whose data centre was used by NSO".
NSO has claimed in legal filings that they have no insight into how these government clients use hacking tools and therefore do not know who is being targeted.
One expert, John Scott-Railton of Citizen Lab, who has worked with WhatsApp for the case, said: "NSO's control of the servers involved in the hack suggests the company would have had logs, including IP addresses, identifying the users who were being targeted".
"Whether or not NSO looks at those logs, who knows? But the fact that it could be done is contrary to what they say," Scott-Railton said.
In a statement to the Guardian, NSO stood by its earlier remarks.
"Our products are used to stop terrorism, curb violent crime, and save lives. NSO Group does not operate the Pegasus software for its clients," the company said. "Our past statements about our business, and the extent of our interaction with our government intelligence and law enforcement agency customers, are accurate."
The company said it would file a response to the court in the coming days.